kevin

The Malware and Ransomware Challenge

Updated: Apr 15, 2021

With attacks up 41% in 2019 and costs forecast to reach $20 billion by 2021, ransomware is now considered by many to be the top malware threat for enterprises, governments, and individuals worldwide. Multiple attack vectors, including phishing emails, infected websites and malvertising, fake apps, and infected storage devices, make it virtually impossible for organizations to keep ransomware out of their networks using traditional endpoint, gateway, and network security solutions alone.


Prismo provides a comprehensive solution to protect against malware and ransomware – from initial access to lateral propagation to execution and impact for attacks emanating from users and servers.


Prismo blocks initial access on the server side:

Prismo deploys 'active sensors' on the servers. These sensors discover the authorized installation accounts in production, test, development and even lab environments. The sensors also track the provenance of every file that is written or installed on the server. A package, executable or script that was not written by an enterprise-authorized installation account is prevented from executing by the active sensor. Because the decision is based on where the file came from rather than on its contents or its behavior, this blocks ransomware and similar availability attacks at install time, and it is not evaded by ransomware morphing its code or changing its behavior.
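The provenance rule described above, as an added simulation that is not Prismo's code: every file write is recorded together with the account that performed it, and an execute request is allowed only if the file's last writer is in a hypothetical set of authorized installation accounts. The scenario also shows why a content hash does not give the same guarantee: the same dropped payload with a few bytes appended has a new hash but the same (unauthorized) provenance. The account names, paths and payload bytes are all constructed for the example.

```python
"""Provenance-based execution control (hypothetical simulation, not Prismo code)."""
import hashlib
from dataclasses import dataclass

# Assumed enterprise-authorized installation accounts (constructed names).
AUTHORIZED_INSTALLERS = {"svc-deploy", "root-patch"}


@dataclass
class FileRecord:
    path: str
    writer: str   # account that performed the most recent write
    sha256: str   # content digest, kept only to contrast with hash-based controls


class ProvenanceSensor:
    """Records who wrote each file and gates execution on that provenance only."""

    def __init__(self, authorized_installers):
        self.authorized = set(authorized_installers)
        self.files = {}       # path -> FileRecord
        self.denied = []      # (path, writer) pairs reported to the SOC

    def on_write(self, path, writer, content: bytes):
        # Provenance is captured at write time; a later overwrite replaces it,
        # so tampering with a trusted binary also strips its trusted provenance.
        digest = hashlib.sha256(content).hexdigest()
        self.files[path] = FileRecord(path, writer, digest)

    def may_execute(self, path) -> bool:
        rec = self.files.get(path)
        if rec is None or rec.writer not in self.authorized:
            self.denied.append((path, rec.writer if rec else None))
            return False
        return True


def scenario():
    """Constructed scenario: trusted install, a dropped payload, its morphed copy,
    and a trusted binary overwritten by an unauthorized account."""
    sensor = ProvenanceSensor(AUTHORIZED_INSTALLERS)
    payload_v1 = b"\x7fELF-encryptor-v1"        # constructed stand-in bytes
    payload_v2 = payload_v1 + b"\x90" * 8       # same payload, morphed

    sensor.on_write("/opt/app/bin/app", "svc-deploy", b"\x7fELF-trusted-app")
    sensor.on_write("/opt/app/bin/helper", "svc-deploy", b"\x7fELF-helper")
    sensor.on_write("/opt/app/bin/helper", "www-data", b"\x7fELF-helper-tampered")
    sensor.on_write("/tmp/.x/enc", "www-data", payload_v1)    # dropped via web shell
    sensor.on_write("/tmp/.x/enc2", "www-data", payload_v2)   # morphed copy

    provenance = {
        p: sensor.may_execute(p)
        for p in ["/opt/app/bin/app", "/opt/app/bin/helper", "/tmp/.x/enc", "/tmp/.x/enc2"]
    }

    # A hash blocklist built from the first sample misses the morphed copy.
    known_bad = {hashlib.sha256(payload_v1).hexdigest()}
    blocklist = {
        "v1": hashlib.sha256(payload_v1).hexdigest() in known_bad,
        "v2": hashlib.sha256(payload_v2).hexdigest() in known_bad,
    }
    return provenance, blocklist


if __name__ == "__main__":
    print(scenario())
```

Two caveats a practitioner would check before trusting such a control: provenance must survive copy, rename and archive extraction (otherwise a file staged by an unauthorized account and then moved by a trusted process inherits trust), and the authorized installation accounts themselves become the attacker's target, so their credentials need the same protection as the file shares.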


Prismo detects and contains lateral propagation:

The initial entry point for ransomware might be a link in a phishing email that an enterprise employee clicks on a BYOD device. Initial access could also come through a third party such as a contractor. The employees compromised by the initial access might not have privileges to access critical systems, but ransomware is designed to propagate laterally across the network to more important privileged users and systems. Prismo network sensors detect horizontal movement from user to user, as well as the MITRE ATT&CK tactics and techniques associated with Credential Access, Discovery, Privilege Escalation, Persistence, Defense Evasion, and Command and Control communication. When any atomic event triggers, Prismo immediately notifies the SOC and dynamically pushes preventive policies to its active sensors on critical file shares so that compromised user devices cannot access them until they have been remediated.


Prismo detects and blocks the execution and impact:

In rare cases, the initial access for ransomware might be through a privileged user who has access to critical systems. Prismo uses a combination of Deception and Machine Learning (ML) to detect and block the encryption of files.


I. Deception: Unbeknownst to users and malware, Prismo sprinkles honey files across directories and file servers. These honey files resemble normal files, but they are never accessed by legitimate users, so any access is suspicious by construction. When Prismo detects unauthorized access to, or encryption of, a honey file it immediately notifies the SOC and dynamically pushes preventive policies to its active sensors on critical file shares so that compromised user devices cannot access them until they have been remediated.


II. Machine Learning: Prismo builds a model of the file access behavior displayed by ransomware families to detect them. Some of the features used in the model include the rate of files read and written in a short period of time, the rate of files deleted in a short period of time, iteration over multiple directories in a short time period, the rate of different file types accessed, and the delta-time between writes to two different files.
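The two detection mechanisms in I and II above, as one added example that is not Prismo's code: a detector ingests per-user file-access events, trips immediately on any touch of a planted honey file, and otherwise computes the behavioral features listed in II over a 10-second sliding window (read, write and delete rates, directories touched, file-type diversity, and the median delta-time between consecutive writes). The scoring rule is a hand-set threshold standing in for the trained model the text refers to, and the paths, users, honey-file names and telemetry are all constructed.

```python
"""Honey-file tripwires plus behavioral file-access features (hypothetical example)."""
from collections import defaultdict, deque
from dataclasses import dataclass
import os
import statistics

# Assumed honey files planted on the share; legitimate users never open these.
HONEY_FILES = {
    "/srv/share/finance/Q3/budget_final_v2.xlsx",
    "/srv/share/hr/archive/payroll_2019.csv",
}
WINDOW_SECONDS = 10.0


@dataclass
class Event:
    t: float      # seconds since start of capture
    user: str
    op: str       # "read" | "write" | "delete"
    path: str


def features(events, window_seconds):
    """Behavioral features over the events currently inside one user's window."""
    ops = [e.op for e in events]
    write_times = [e.t for e in events if e.op == "write"]
    deltas = [b - a for a, b in zip(write_times, write_times[1:])]
    return {
        "read_rate": ops.count("read") / window_seconds,
        "write_rate": ops.count("write") / window_seconds,
        "delete_rate": ops.count("delete") / window_seconds,
        "dirs_touched": len({os.path.dirname(e.path) for e in events}),
        "ext_diversity": len({os.path.splitext(e.path)[1].lower() for e in events}),
        "median_write_delta": statistics.median(deltas) if deltas else None,
    }


class RansomwareDetector:
    def __init__(self, honey_files=HONEY_FILES, window=WINDOW_SECONDS):
        self.honey = set(honey_files)
        self.window = window
        self.recent = defaultdict(deque)   # user -> events inside the window
        self.alerts = []                   # (user, reason, t), first of each kind
        self.quarantined = set()           # users whose share access is revoked

    def _contain(self, user, reason, t):
        # Notify once per (user, reason) and revoke share access on first alert.
        if not any(a[0] == user and a[1] == reason for a in self.alerts):
            self.alerts.append((user, reason, t))
        self.quarantined.add(user)

    def ingest(self, ev):
        # I. Deception: any honey-file touch is an alert in its own right.
        if ev.path in self.honey:
            self._contain(ev.user, f"honeyfile:{ev.op}", ev.t)
        # II. Behavioral features over the sliding window.
        q = self.recent[ev.user]
        q.append(ev)
        while ev.t - q[0].t > self.window:
            q.popleft()
        f = features(q, self.window)
        # Hand-set stand-in for the trained model: sustained write+delete churn
        # across several directories and file types.
        if (f["write_rate"] >= 1.0 and f["delete_rate"] >= 1.0
                and f["dirs_touched"] >= 3 and f["ext_diversity"] >= 3):
            self._contain(ev.user, "behavior", ev.t)
        return f

    def access_allowed(self, user):
        return user not in self.quarantined


def constructed_events():
    """Constructed telemetry: a normal editor, an encryptor-like loop, one honey touch."""
    evs = []
    for i, t in enumerate([0.0, 4.0, 9.5, 30.0]):            # alice: ordinary editing
        evs.append(Event(t, "alice", "read" if i % 2 == 0 else "write",
                         "/srv/share/eng/spec.docx"))
    t = 0.0                                                 # bob: read, write .locked, delete
    for d in ["finance/Q3", "hr/archive", "eng", "legal"]:
        for name in ["a.docx", "b.xlsx", "c.pdf"]:
            base = f"/srv/share/{d}/{name}"
            for op, path in (("read", base), ("write", base + ".locked"), ("delete", base)):
                evs.append(Event(round(t, 3), "bob", op, path))
                t += 0.1
    evs.append(Event(5.0, "carol", "read", "/srv/share/finance/Q3/budget_final_v2.xlsx"))
    return sorted(evs, key=lambda e: e.t)


def run():
    det = RansomwareDetector()
    for ev in constructed_events():
        det.ingest(ev)
    return det


if __name__ == "__main__":
    d = run()
    print(d.alerts, sorted(d.quarantined))
```

Note where the two signals differ: the honey-file alert fires on the first touch with no tuning, while the behavioral rule needs enough events in the window to cross the rate thresholds, which in this constructed run is after ten writes and ten deletes (a dozen files already rewritten). That lag is the argument for combining the two and for pushing the share-access revocation at the first alert rather than waiting for a confident classification.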


PRISMO BENEFITS:

- End-to-end Security
- Complete Visibility
- Just-Enough Privileges
- 100M transactions/sec
- Multi-year history
- Ease of use
- Simplified security stack
- 75% reduction in spend

For more information or to schedule a demo, please contact us at:

ClearSky Cloud
www.clearsky.cloud
info@clearsky.cloud
